Description
All released versions of the sinatra Ruby gem (from 0.0.0) rely on an untrusted input for a security decision: when a route calls `redirect` with a relative target, the absolute Location header is built from the host named in the X-Forwarded-Host (XFH) request header. Any client can send that header, so an attacker can insert an arbitrary host and turn the application's own redirect into an open redirect. If the application sits behind a caching layer or reverse proxy such as Nginx that passes X-Forwarded-Host through without overwriting it, the poisoned redirect can be cached and served to other users (cache poisoning), and a routing layer that picks the backend from the forwarded host can be steered to an attacker-chosen destination (routing-based SSRF).
A flaw was found in Sinatra. This vulnerability allows an Open Redirect attack via the X-Forwarded-Host (XFH) header, potentially enabling Cache Poisoning or Server-Side Request Forgery (SSRF) when used in caching servers or reverse proxies.
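The following is an added example, not Sinatra's or Rack's code: a stand-alone Ruby model of how a redirect's absolute Location is derived from request headers, how an unchecked X-Forwarded-Host value becomes an open redirect, how a path-keyed cache turns that into cache poisoning, and how a host allowlist closes the hole. The host names, the allowlist, the Rack-style environment hashes and the toy cache are all constructed for illustration.

```ruby
require "set"

# Assumed deployment values (illustrative, not from the advisory).
CANONICAL_HOST  = "app.example.com"
PERMITTED_HOSTS = Set["app.example.com", "www.app.example.com"].freeze

# Constructed Rack-style environments. ENV_XFH is what the application sees
# when a client sends X-Forwarded-Host itself and nothing in front of the app
# strips or overwrites it.
ENV_PLAIN = { "rack.url_scheme" => "https", "HTTP_HOST" => "app.example.com",
              "PATH_INFO" => "/account" }.freeze
ENV_XFH   = ENV_PLAIN.merge("HTTP_X_FORWARDED_HOST" => "evil.example.net").freeze

# Vulnerable derivation: the forwarding header wins over Host whenever it is
# present, with no check on who set it (the behaviour the advisory describes).
def host_from_untrusted_headers(env)
  env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"]
end

# Hardened derivation: a forwarded host is honoured only if it is on the
# allowlist; anything else falls back to the canonical host, so a reflected
# value can never reach the Location header. Rejecting the request with 403
# instead of falling back is the stricter alternative.
def host_from_allowlisted_headers(env)
  candidate = env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"]
  # Compare the bare name; an optional :port is not part of the trust decision.
  name = candidate.to_s.split(":", 2).first.to_s.downcase
  PERMITTED_HOSTS.include?(name) ? candidate : CANONICAL_HOST
end

# What `redirect "/login"` turns into: a 302 whose Location is absolute,
# built from the scheme, the derived host and the relative path.
def redirect_response(env, path, host_resolver)
  location = "#{env['rack.url_scheme']}://#{host_resolver.call(env)}#{path}"
  [302, { "Location" => location }, []]
end

# A toy cache keyed only on the request path, like a proxy whose cache key
# ignores X-Forwarded-Host: whoever populates an entry first decides what
# every later client asking for that path receives.
class PathKeyedCache
  def initialize
    @store = {}
  end

  def fetch(env)
    @store[env["PATH_INFO"]] ||= yield
  end
end

# Returns [status, Location] as seen by an ordinary user after an attacker
# has primed the cache for the same path with a forged X-Forwarded-Host.
def demo(host_resolver)
  cache = PathKeyedCache.new
  cache.fetch(ENV_XFH)   { redirect_response(ENV_XFH,   "/login", host_resolver) }
  status, headers, _body = cache.fetch(ENV_PLAIN) do
    redirect_response(ENV_PLAIN, "/login", host_resolver)
  end
  [status, headers["Location"]]
end

VULNERABLE = method(:host_from_untrusted_headers)
HARDENED   = method(:host_from_allowlisted_headers)

if $PROGRAM_NAME == __FILE__
  puts "vulnerable: #{demo(VULNERABLE).inspect}"  # Location now on evil.example.net
  puts "hardened:   #{demo(HARDENED).inspect}"    # Location stays on app.example.com
end
```

The allowlist in the application is one half of the fix; the other half belongs to the proxy, which should overwrite the header with a value it derived itself rather than forward whatever the client sent (in Nginx, `proxy_set_header X-Forwarded-Host $host;`), and cache keys should never be computed from a header that is not also part of the trust decision.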
Statement
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat enforces least functionality, enabling only essential features, services, and ports. The environment employs IPS/IDS and antimalware solutions to detect and respond to threats in real time, helping prevent or limit exploitation attempts. Event logs are centrally collected and analyzed to support monitoring, alerting, and detection of input-based manipulation. Static code analysis and peer reviews enforce strong input validation and error handling to prevent improperly validated inputs from causing instability, data exposure, or privilege escalation. In the event of exploitation, process isolation contains the impact within the compromised component, preventing it from affecting other processes or the broader system.
Affected packages
Platform | Package | State | Errata | Release date
---|---|---|---|---
Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Affected | |
Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Affected | |
Red Hat Enterprise Linux 10 | pcs | Not affected | |
Red Hat Enterprise Linux 7 | pcs | Out of support scope | |
Red Hat Enterprise Linux 9 | pcs | Not affected | |
Red Hat Satellite 6 | rubygem-sinatra | Fix deferred | |
Red Hat Storage 3 | rubygem-sinatra | Affected | |
Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2024:10987 | 12.12.2024
Additional information
CVSS3: 5.4 Medium
Related vulnerabilities
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision